j3d1/webvirtcloud
1
0
Fork 0
mirror of https://github.com/retspen/webvirtcloud synced 2025-07-31 12:41:08 +00:00
Code Issues Projects Releases Wiki Activity

Check user permission before delete or resize

Browse source 
Else a user without these permission could delete or resize and instance
by forging a good post request.
This commit is contained in:
Valentin Samir 2016-05-09 12:07:30 +02:00
parent 4ce76f57c6
commit 7b3fcd17ea
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
instances/views.py
View file

@ -260,7 +260,7 @@ def instance(request, compute_id, vname):
addlogmsg(request.user.username, instance.name, msg)
return HttpResponseRedirect(request.get_full_path() + '#powerforce')
if 'delete' in request.POST:
if 'delete' in request.POST and (request.user.is_superuser or userinstace.is_delete):
if conn.get_status() == 1:
conn.force_shutdown()
if request.POST.get('delete_disk', ''):
@ -330,7 +330,7 @@ def instance(request, compute_id, vname):
msg = _("Please shutdow down your instance and then try again")
error_messages.append(msg)
if 'resize' in request.POST:
if 'resize' in request.POST and (request.user.is_superuser or userinstace.is_change):
vcpu = request.POST.get('vcpu', '')
cur_vcpu = request.POST.get('cur_vcpu', '')
memory = request.POST.get('memory', '')